1941
|
- |
|
-
|
-
|
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below are not escaped in internal render hooks…
|
CWE-79
Cross-site Scripting
|
CVE-2024-55601
|
2024-12-10 07:15 |
2024-12-10 |
|
|
1942
|
- |
|
-
|
-
|
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMT…
|
-
|
CVE-2024-12174
|
2024-12-10 07:15 |
2024-12-10 |
|
|
1943
|
- |
|
-
|
-
|
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allows users with access to the CMS templates …
|
CWE-184
Incomplete Blacklist
|
CVE-2024-54149
|
2024-12-10 06:15 |
2024-12-10 |
|
|
1944
|
4.2 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur,…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2024-12369
|
2024-12-10 06:15 |
2024-12-10 |
|
|
1945
|
5.3 |
MEDIUM
Network
progress
|
whatsup_gold
|
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWA…
|
NVD-CWE-noinfo
|
CVE-2024-8785
|
2024-12-10 05:25 |
2024-12-3 |
|
|
|
1946
|
- |
|
-
|
-
|
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates, allowing a man-in-the-middle to intercept all requests. …
|
CWE-295
Improper Certificate Validation
|
CVE-2024-54147
|
2024-12-10 04:15 |
2024-12-10 |
|
|
1947
|
- |
|
-
|
-
|
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy an…
|
CWE-79
Cross-site Scripting
|
CVE-2024-53847
|
2024-12-10 04:15 |
2024-12-10 |
|
|
1948
|
- |
|
-
|
-
|
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to version…
|
CWE-79
Cross-site Scripting
|
CVE-2024-52599
|
2024-12-10 04:15 |
2024-12-10 |
|
|
1949
|
- |
|
-
|
-
|
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's bu…
|
CWE-288 CWE-303
Authentication Bypass Using an Alternate Path or Channel Incorrect Implementation of Authentication Algorithm
|
CVE-2024-52586
|
2024-12-10 04:15 |
2024-12-10 |
|
|
1950
|
- |
|
-
|
-
|
User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end.
By exploi…
|
-
|
CVE-2024-12057
|
2024-12-10 04:15 |
2024-12-10 |
|
|